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WHAT IS CLAIMED IS: 

1. An apparatus, comprising: 

an intrusion detection system (IDS) module coupled 
5 to a main central processing unit (CPU) , the main CPU 
being operable to communicate a copy of one or more 
incoming packets to the IDS module, which is operable to 
identify a volume associated with the incoming packets in 
order to communicate feedback information to the main 

10 CPU, the feedback information signaling that the IDS 
module is expending a designated amount of resources 
based on the volume, wherein the main CPU is operable to 
respond to the feedback information by restricting a 
number of additional incoming packets that are received 

15 by the main CPU. 

2. The apparatus of Claim 1, wherein the IDS 
module is operable to identify a plurality of thresholds, 
one or more of which are operable to trigger the feedback 

2 0 information to be communicated to the main CPU by the IDS 
module, the one or more thresholds each representing 
volume levels reflecting an amount of incoming packets 
that are received by the IDS module, and wherein the main 
CPU is operable to increase the volume associated with 

25 the incoming packets in response to receiving additional 
feedback from the IDS module. 

3. The apparatus of Claim 1, wherein the IDS 
module communicates with the main CPU based on a selected 

30 one of a router blade control protocol (RBCP) and a i 
simple network management protocol (SNMP) . 
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4. The apparatus of Claim 1, wherein the IDS 
module is operable to communicate an alarm to a network 
management element that signals that the IDS module has 
reached a certain volume level associated with an amount 

5 of incoming packets received. 

5. The apparatus of Claim 1, wherein the IDS 
module is operable to execute a transmission control 
protocol (TCP) reset in order to indicate an attack is 

10 being seen from a source address such that a connection 
corresponding to the source address may be torn down. 

6. The apparatus of Claim 1, wherein the IDS 
module is operable to block a source location by 

15 establishing an access control list (ACL) that includes 
the source location, wherein communications associated 
with the source location are restricted as a result of 
being included on the ACL. 

2 0 7. The apparatus of Claim 1, wherein the IDS 

module and the main CPU are included in a network 
element, the network element being selected from a group 
of elements consisting of: 



(a) 


a 


router; 


(b) 


a 


bridge; 


(c) 


a 


switch; 


(d) 


a 


loadbalancer ; 


(e) 


a 


processor; and 


(f) 


a 


gateway . 
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8. A method for implementing traffic management, 
comprising : 

communicating a copy of one or more incoming 
packets; 

5 identifying a volume associated with the incoming 

packets in order to communicate feedback information to a 
main central processing unit (CPU) , the feedback 
information signaling that an intrusion detection system 
(IDS) module is expending a designated amount of 
10 resources; and 

responding to the feedback information by 
restricting a number of additional incoming packets that 
are received by the main CPU. 

15 9. The method of Claim 8, further comprising: 

identifying a plurality of thresholds, one or more 
of which are operable to trigger the feedback information 
to be communicated to the main CPU by the IDS module, the 
one or more thresholds each representing volume levels of 

2 0 incoming packets that are received by the IDS module. 

10. The method of Claim 8, wherein the IDS module 
communicates with the main CPU based on a selected one of 
a router blade control protocol (RBCP) and a simple 
2 5 network management protocol (SNMP) . 
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11. The method of Claim 8, further comprising: 
communicating an alarm to a network management 

element that signals that the IDS module has reached a 
certain volume level associated with an amount of 
5 incoming packets received. 

12. The method of Claim 8, further comprising: 
executing a transmission control protocol (TCP) 

reset in order to indicate an attack is being seen from a 
10 source address such that a connection corresponding to 
the source address may be torn down. 

13. The method of Claim 8, further comprising: 
blocking a source location by establishing an access 

15 control list (ACL) that includes the source location, 
wherein communications associated with the source 
location are restricted as a result of being included on 
the ACL. 

2 0 14. The method of Claim 8, further comprising: 

increasing the volume associated with the incoming 
packets based on additional feedback being received from 
the IDS module, the additional feedback reflecting a 
reduced volume associated with the incoming packets. 
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15. A system for implementing traffic management, 
comprising : 

means for communicating a copy of one or more 
incoming packets; 
5 means for identifying a volume associated with the 

incoming packets in order to communicate feedback 
information to a main central processing unit (CPU) , the 
feedback information signaling that an intrusion 
detection system (IDS) module is expending a designated 
10 amount of resources; and 

means for responding to the feedback information by 
restricting a number of additional incoming packets that 
are received by the main CPU. 

15 16. The system of Claim 15, further comprising: 

means for identifying a plurality of thresholds, one 
or more of which are operable to trigger the feedback 
information to be communicated to the main CPU by the IDS 
module, the one or more thresholds each representing 

2 0 volume levels of incoming packets that are received by 
the IDS module. 

17. The system of Claim 15, wherein the IDS module 

communicates with the main CPU based on a selected one of 

2 5 a router blade control protocol (RBCP) and a simple 
network management protocol (SNMP) . 
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18. The system of Claim 15, further comprising: 
means for communicating an alarm to a network 

management element that signals that the IDS module has 
reached a certain volume level associated with an amount 
5 of incoming packets received. 

19. The system of Claim 15, further comprising: 
means for executing a transmission control protocol 

(TCP) reset in order to indicate an attack is being seen 
10 from a source address such that a connection 
corresponding to the source address may be torn down. 

20. The system of Claim 15, further comprising: 
means for blocking a source location by establishing 

15 an access control list (ACL) that includes the source 
location, wherein communications associated with the 
source location are restricted as a result of being 
included on the ACL. 

20 21. The system of Claim 15, further comprising: 

means for increasing the volume associated with the 
incoming packets based on additional feedback being 
received from the IDS module, the additional feedback 
reflecting a reduced volume associated with the incoming 

25 packets. 
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22. Software for implementing traffic management, 
the software comprising computer code such that when 
executed is operable to: 

communicate a copy of one or more incoming packets; 
5 identify a volume associated with the incoming 

packets in order to communicate feedback information to a 
main central processing unit (CPU) , the feedback 
information signaling that an intrusion detection system 
(IDS) module is expending a designated amount of 
10 resources; and 

respond to the feedback information by restricting a 
number of additional incoming packets that are received 
by the main CPU. 

15 23. The medium of Claim 22, wherein the code if 

further operable to: 

identify a plurality of thresholds, one or more of 

which are operable to trigger the feedback information to 

be communicated to the main CPU by the IDS module, the 
20 one or more thresholds each representing volume levels of 

incoming packets that are received by the IDS module. 

24. The medium of Claim 22, wherein the IDS module 

communicates with the main CPU based on a selected one of 

2 5 a router blade control protocol (RBCP) and a simple 
network management protocol (SNMP) . 
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25. The medium of Claim 22, wherein the code if 
further operable to: 

communicate an alarm to a network management element 
that signals that the IDS module has reached a certain 
5 volume level associated with an amount of incoming 
packets received. 

26. The medium of Claim 22, wherein the code if 
further operable to: 

10 execute a transmission control protocol (TCP) reset 

in order to indicate an attack is being seen from a 
source address such that a connection corresponding to 
the source address may be torn down. 

27. The medium of Claim 22, wherein the code if 
further operable to: 

block a source location by establishing an access 
control list (ACL) that includes the source location, 
wherein communications associated with the source 
location are restricted as a result of being included on 
the ACL. 

28. The medium of Claim 22, wherein the code if 
further operable to: 

2 5 increase the volume associated with the incoming 

packets based on additional feedback being received from 
the IDS module, the additional feedback reflecting a 
reduced volume associated with the incoming packets. 
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